[dwergs]

Based on numerous reports from visitors of Mess.be, a new virus seems to be propagating itself rapidly through MSN Messenger.

F-Secure identifies the worm as Bropia.A, other antivirus software (like including Kaspersky) labels it IM-Worm.Win32.VB.a.

When received and executed by the victim, the worm places itself in the C directory with a random filename like:

sexy_bedroom.pif
drunk_lol.pif
naked_party.pif
webcam_(random number).pif
love_me.pif and similar looking names.

It then automatically sends itself to active MSN Messenger contacts. It also drops and executes oms.exe, a variant of Rbot, which copies itself as lexplore.exe and adds two registry keys so it will be executed at next system startup. The bot can be used as a backdoor, logging keystrokes, relaying spam and for various other purposes and is therefor a huge security threat to your system. Brobia.A can also disable mouse right button and manipulate Windows mixer volume settings.



If you receive a file transfer request for such a file, press ALT-D or click Decline. Don't ever execute the file. If you did, delete the file immediately and permanently from your system (My Received Files and C drive) and take necessary security measures. For more information, visit F-Secure.

Source: Mess with MSN Messenger

[Martin L]

thanks posted at frontpage

[MCT]

thanks 4 the info

[gamehead200]

Yeah, a bunch of my friends have this virus... Basically, what is does is the following:

- Run it.
- Puts in a registry value to start on startup.
- There is a file in the system32 folder (exe).
- Logs you in and out of MSN and spreads.

[prathapml]

:fear: I've got logged in and out once. :fear:
And I'm not even sure if its happening because of my ISP or this worm... :fear:



EDIT:
No worries!
I just noticed that it uses .PIF to spread. And I have prevented precisely this sort of situation by disabling hostile file-types (associate *.PIF to text-file) so its totally harmless.